Security applications are widely used with computer systems. These security applications may be used to validate authorized users and/or to encrypt and decrypt sensitive information.
Security may be especially important for smart cards. As is well known to those having skill in the art, a smart card is a computer system on an electronic card that is generally of the same size and quality of material as a credit card. An Integrated Circuit (IC) chip is contained in the smart card. The IC chip generally contains a Central Processing Unit (CPU) which may be a microprocessor, a Chip Operating System (COS) and memory, such as Electrically Erasable and Programmable Read Only Memory (EEPROM) and/or Read Only Memory (ROM). Thus, a smart card can store and process information therein.
Because the processor and memory are contained on the smart card, smart cards may be particularly amenable to obtaining high reliability and/or security and can, therefore, function as an electronic purse. Smart cards have been used in various fields, such as financial systems, distributed processing and information security, factory automation, office automation, medical treatment, government programs (e.g., Social Security), mobile communications, public telephones, cable TV, power, gas, other utilities, education, credit card, cash card, prepaid card, home banking, etc. A smart card may be used for a single application or service, or multiple applications or services may be integrated in one smart card.
Reading/writing/erasing operations of data stored in the smart card and communication between the smart card and external devices may be rigidly controlled and protected through the physical security of the smart card itself and/or by using cryptography. However, many techniques have also been developed to circumvent these security procedures. In particular, hacking techniques have been developed to try to directly access security information on the smart card by bypassing the complex encryption firewall of the smart card, for example by using a subroutine call, also referred to herein as a “jump command”, during execution of an operating system on the smart card. Thus, during the operating system program execution, the security information may be obtained or changed during a jump to the security program and/or to a load/save command.